Cisco – QoS, Marking map not marking properly

ciscoqos

I have small problem with my edge router. I use QoS, standard CBWFQ template with one LLQ queue. Howewer I have match in access-list of 'ef' class, router probably not mark packet properly.

My configuration is below; hopefully this gives a better explanation.

Whole queuing/scheduling and shaping map:

!
policy-map etm-blazeknet
 class realtime
  priority 512
  police 512000 conform-action transmit  exceed-action drop
 class priority
  bandwidth remaining percent 40
  random-detect dscp-based
 class missioncritical
  bandwidth remaining percent 39
  random-detect dscp-based
 class transactional
  bandwidth remaining percent 16
  random-detect dscp-based
 class general
  bandwidth remaining percent 1
  random-detect dscp-based
 class class-default
  bandwidth remaining percent 4
  random-detect dscp-based
policy-map shape-etm-blazeknet
 class class-default
  shape average 3400000
  service-policy etm-SpiraxSarco-SXSNet

Class map for realtime and ef:

class-map match-any realtime
 match ip dscp cs5  ef
class-map match-all ef
 match access-group name ef
 match protocol rtp
 .
 .
 .

Part of marking map:

policy-map ingress-mark
 class ef
  set ip dscp ef
 class af41
  set ip dscp af41
  .
  .
  .

Access-list for ef class-map and show command that show match:

ip access-list extended ef
 permit udp any range 49152 57500 any range 49152 57500
 permit tcp any range 49152 57500 any range 49152 57500

sxs-sgsingapor-2677033#sh access-lists ef
Extended IP access list ef
    10 permit udp any range 49152 57500 any range 49152 57500
    20 permit tcp any range 49152 57500 any range 49152 57500 (234 matches)
sxs-sgsingapor-2677033#

As you can see, in the ef access-list has matches, but when I look into stats of my marking map, I see that no packets was marked.

sxs-sgsingapor-2677033#sh policy-map int in
 GigabitEthernet0/0
 GigabitEthernet0/1

  Service-policy input: ingress-mark

    Class-map: ef (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name ef
      Match: protocol rtp
      QoS Set
        dscp ef
          Packets marked 0
      .
      .
      .

The same is in output map, priority class doesn't works for me.
Yeah of course, marking map is attached on LAN interface.

If anybody had same problem, how I can solve it? Everything seems to be OK and I've never had a similar problem. Marking for other class is OK.

Best Answer

I overlooked the match-all statement in class-map ef. In my case it meant that packet that reach LAN interface has to match both statements access-group name ef and protocol rtp. Problem was packet not match the second conditions protocol rtp.

class-map match-all ef
 match access-group name ef
 match protocol rtp

So I changed it to match-any.

class-map match-any ef
 match access-group name ef
 match protocol rtp
Related Topic